Log4j is the most recent open-source vulnerability to raise its head and cause severe disruption for companies across the world. There are already reports of security breaches which is a big deal because Java is used extensively so there is huge potential for damage. Java touches apps of every type across all sectors, including some of the big hitters such as Apple iCloud and Samsung cloud storage.
“Java is one of the most popular languages for web applications, mobile applications – practically everything. Log4j is a library used in nearly every Java installation because it is used for logging server operations. Many applications also keep logs for debugging purposes.” [securityboulevard.com]
Log4j provides a pathway for a number of threats such as data extraction, uploading files, deleting data, installing ransomware – amongst others. It is vital that businesses work to directly block any imminent IT dangers they face.
In the past four months, Log4J, the code containing the flaw, has been downloaded 84 million times from the largest public repository of open-source Java components, according to security company Sonatype. Millions of computers running online services use it for logging or recording events. [BBC.com]
The good news, and probably something we should have led with, is that DocSafe is not subject to Log4j issues and we will continue to monitor our systems to maintain this status. We have had several enquiries by (relieved) clients who urgently needed to know what action they should take. The extra good news is that there is no action to take and we will continue to do this on your behalf.